From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.6 required=3.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 180D0C169C4 for ; Fri, 8 Feb 2019 16:38:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D3D8920823 for ; Fri, 8 Feb 2019 16:38:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="XnH0RYkG" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727467AbfBHQi4 (ORCPT ); Fri, 8 Feb 2019 11:38:56 -0500 Received: from mail-qk1-f202.google.com ([209.85.222.202]:40249 "EHLO mail-qk1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726522AbfBHQi4 (ORCPT ); Fri, 8 Feb 2019 11:38:56 -0500 Received: by mail-qk1-f202.google.com with SMTP id y83so3871748qka.7 for ; Fri, 08 Feb 2019 08:38:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=+wFo/zFBN2iLVWNIpgQLaX9xtTMh8BUZXrjAl8KAGRw=; b=XnH0RYkG2z9vAlyhAsRFKtFdyAREG8z1DWNxsaXMP8rfE+gt9NaPPM2oU5itjyV2Ba EYoKAMRJodwsyJoE1oUD0MYW1BJvjKcnGM5YiMWMEo/4WBxb/xKd4lR/b5P1sZ94yskJ /uSxE5ZxpZ7Ap9PQ5/cohQyjkPn+8BR/vedJ986s+lzw54OhigaoNXge7r9cIOx6m1Kw q99yWcsiTH+JgcWMcGdTX1M47RdIS4JmOnUjsldKwcWpB+4YTVrSNrhIvAO3LrF09fi5 /9seNrCSQNqsdrYkQPgkx59HahDQjPtJHFNKynVxzbFzoBAKe01ru1bZRg9aKurUFXEs R5OQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=+wFo/zFBN2iLVWNIpgQLaX9xtTMh8BUZXrjAl8KAGRw=; b=cGSt1yidzwOaywFi2y5Iyphyh44MWAgRQS20mJGIhi/wInOxLwLdkjcy/D2j+7KBoS YxY0fugRPWhq0WkShODvPSdI32Afb7BjiqM/A8/qXVU0Yzhs9YJsLi6msZOVk2Cv2BR1 bu+pvAKOIw9eoApYkHw6SOzin4Humfm4UIFTppA1Se9CgFgqqnWy/ea2QmkZp0CxfbHv vAhvjLWKgmsrtVuh9fU7hIcSLzU4FKkECc+PVou8ka2rkFJ7aivyuAZTjTPYgX2yQGNI UJDt01F1wbwzQXk8aokcRQEOdQaUSR+67GTPP+x8nugdB+AAEFQCipWnUTwzCU3zZe/Y Lgqw== X-Gm-Message-State: AHQUAuZk9TCUSWxSX7bhO51VqYUNKXBiXsVHuMOoTtXfFXhunPI3BdVo g65MWFiOrAEDQ6S59kaHRKe2Z1p7 X-Google-Smtp-Source: AHgI3IaENolBkQSbSfddRaZKYYv0Xy/kUIOKkErqhxKy+iUq9UYxvsJjL22Vwj02tYf7Sd5kZCgG2QiU X-Received: by 2002:a0c:af8a:: with SMTP id s10mr12557725qvc.26.1549643935220; Fri, 08 Feb 2019 08:38:55 -0800 (PST) Date: Fri, 8 Feb 2019 08:38:43 -0800 Message-Id: <20190208163849.151626-1-posk@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.20.1.791.gb4d0f1c61a-goog Subject: [PATCH bpf-next v8 0/6] bpf: add BPF_LWT_ENCAP_IP option to bpf_lwt_push_encap From: Peter Oskolkov To: Alexei Starovoitov , Daniel Borkmann , netdev@vger.kernel.org Cc: Peter Oskolkov , David Ahern , Willem de Bruijn , Peter Oskolkov Content-Type: text/plain; charset="UTF-8" Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This patchset implements BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap BPF helper. It enables BPF programs (specifically, BPF_PROG_TYPE_LWT_IN and BPF_PROG_TYPE_LWT_XMIT prog types) to add IP encapsulation headers to packets (e.g. IP/GRE, GUE, IPIP). This is useful when thousands of different short-lived flows should be encapped, each with different and dynamically determined destination. Although lwtunnels can be used in some of these scenarios, the ability to dynamically generate encap headers adds more flexibility, e.g. when routing depends on the state of the host (reflected in global bpf maps). V2 changes: added flowi-based route lookup, IPv6 encapping, and encapping on ingress. V3 changes: incorporated David Ahern's suggestions: - added l3mdev check/oif (patch 2) - sync bpf.h from include/uapi into tools/include/uapi - selftest tweaks V4 changes: moved route lookup/dst change from bpf_push_ip_encap to when BPF_LWT_REROUTE is handled, as suggested by David Ahern. V5 changes: added a check in lwt_xmit that skb->protocol stays the same if the skb is to be passed back to the stack (ret == BPF_OK). Again, suggested by David Ahern. V6 changes: abandoned. V7 changes: added handling of GSO packets (patch 3 in the patchset added), as suggested by BPF maintainers. V8 changes: - fixed build errors when LWT or IPV6 are not enabled; - whitelisted TCP GSO instead of blacklisting SCTP and UDP GSO, as suggested by Willem de Bruijn; - added validation that pushed length cover needed headers when GRE/UDP encap is detected, as suggested by Willem de Bruijn; - a couple of minor/stylistic tweaks/fixed typos. Peter Oskolkov (6): bpf: add plumbing for BPF_LWT_ENCAP_IP in bpf_lwt_push_encap bpf: implement BPF_LWT_ENCAP_IP mode in bpf_lwt_push_encap bpf: handle GSO in bpf_lwt_push_encap bpf: add handling of BPF_LWT_REROUTE to lwt_bpf.c bpf: sync /include/.../bpf.h with tools/include/.../bpf.h selftests: bpf: add test_lwt_ip_encap selftest include/net/lwtunnel.h | 2 + include/uapi/linux/bpf.h | 26 +- net/core/filter.c | 49 ++- net/core/lwt_bpf.c | 262 +++++++++++++++ tools/include/uapi/linux/bpf.h | 26 +- tools/testing/selftests/bpf/Makefile | 6 +- .../testing/selftests/bpf/test_lwt_ip_encap.c | 85 +++++ .../selftests/bpf/test_lwt_ip_encap.sh | 311 ++++++++++++++++++ 8 files changed, 756 insertions(+), 11 deletions(-) create mode 100644 tools/testing/selftests/bpf/test_lwt_ip_encap.c create mode 100755 tools/testing/selftests/bpf/test_lwt_ip_encap.sh -- 2.20.1.791.gb4d0f1c61a-goog